Effective Date: March 1, 2007
Individuals who access or control University electronic information resources must take appropriate and necessary measures to ensure the security, integrity, and protection of these resources, using appropriate physical and logical security measures.
Reasons for the Policy
The University embraces an open information technology environment to encourage the use of technology in pursuit of the University's teaching, learning, research, and clinical missions and supporting administrative functions.
Within this environment, the University must preserve and protect its electronic information resources and comply with applicable laws and regulations while facilitating activities that support the University's missions. In a highly distributed technological environment, responsibility for protecting the integrity of electronic information resources is broadly distributed and requires the best efforts of every member of the University community.
Primary Guidance to Which This Policy Responds
This policy responds to the need to protect University information resources and comply with applicable laws and regulations.
Responsible University Office & Officer
The Office of the Vice President, Columbia University Information Technology, is responsible for the maintenance of this policy, and for responding to questions posed regarding this policy. The Vice President, Information Technology is the Responsible Officer.
This policy was established in September 2006.
Who Is Governed by This Policy
This policy applies to all individuals who access, use, or control a University electronic information resource. Those individuals covered include, but are not limited to, staff, faculty, students, those working on behalf of the University, guests, tenants, visitors, and individuals authorized by affiliated institutions and organizations.
Who Should Know This Policy
All individuals described above, and particularly those with broad authority including Senior Executive Officers, Deans, Vice Presidents, Chairs, Directors, Senior Administrative Officers, Departmental Administrators, researchers, and IT support staff.
Exclusions & Special Situations
Those units with special requirements may define stricter policies or may apply for an exception if implementation of this policy imposes an undue burden.
Exceptions may be granted for existing or new systems, usually on a temporary basis, but requests must be accompanied by a written plan stating why the exception is necessary, the duration for the exception, and alternative, interim measures that will be taken to protect the resources in question. The request must be approved by the appropriate business unit administrator and forwarded to email@example.com.